
ISPs Sign On To FCC Anti-Botnet Code of Conduct

Soulskill posted about 2 years ago | from the hey-guys-be-nice-ok dept.

Network 34

Trailrunner7 writes "The U.S.'s leading Internet Service Providers signed on to a new FCC code of conduct to limit the impact of major cyber security threats, including botnets, attacks on the Domain Name System and Internet routing attacks. AT&T, CenturyLink, Comcast, Cox, Sprint, Time Warner Cable, T-Mobile and Verizon were among the ISPs that participated in the agreement. 'The recommendations approved today identify smart, practical, voluntary solutions that will materially improve the cyber security of commercial networks and bolster the broader endeavors of our federal partners,' said FCC Chairman Julius Genachowski." A fact sheet from the FCC provides details on the recommendations, but they're pretty vague: "The CSRIC recommended ISPs participate in a U.S. Anti-Bot Code of Conduct (PDF) that encourages ISPs to engage in: (1) end-user education to prevent bot infections; (2) detection of bots; (3) notification of potential bot infections; (4) remediation of bots; and (5) collaboration and sharing of information." They also recommend broader adoption of DNSSEC and the development of an "industry framework" to combat IP route hijacking.


34 comments

What about irc bots! (0)

Anonymous Coward | about 2 years ago | (#39455357)

Aww c'mon, there are some legitimate uses for bots!

!lart FCC

Re:What about irc bots! (1)

Sarten-X (1102295) | about 2 years ago | (#39455447)

They'll be detected by the ISP and disconnected due to "questionable activities", who will then be glad to upgrade you to a commercial-grade service for only $500/month, where the long-running connections and service-providing intent are allowed.

Prediction (1)

Anonymous Coward | about 2 years ago | (#39455433)

This will be used too liberally to cut off and punish high traffic users.

Re:Prediction (0)

Anonymous Coward | about 2 years ago | (#39455591)

TOS can already be used to cut off these users.

Bots (as in botnets) are a large problem on the internet.

Re:Prediction (1)

Anonymous Coward | about 2 years ago | (#39456471)

Cox never cuts me off or throttles me, and I'm on their 50 Mbps residential plan and use about 1.5 TB downstream a month. They also never have their name listed in support of copyright enforcement bills.

Off to a Good start (0)

Anonymous Coward | about 2 years ago | (#39455525)

Voluntary bandwidth throttling. Check.

Typical Stupidity: +4, Seditious (0)

Anonymous Coward | about 2 years ago | (#39455545)

because ALL bots are BAD.

Yours In Minsk,
K. Trout, C.I.O.

Oh good (5, Funny)

Cornwallis (1188489) | about 2 years ago | (#39455565)

"...attacks on the Domain Name System and Internet routing attacks..."

Something with teeth to finally stop the U.S. DOJ from shutting down websites arbitrarily.

Re:Oh good (4, Interesting)

gknoy (899301) | about 2 years ago | (#39455849)

I'm sure it will be corrupted with parts that make it illegal to use alternate DNS providers...

Re:Oh good (1)

Anonymous Coward | about 2 years ago | (#39456463)

When they mean DNS, they mean those recursion/amplification attacks, as well as the cache poisoning attacks.

WHY? (3, Insightful)

Anonymous Coward | about 2 years ago | (#39455583)

Why does every little thing they do have to be for the CORPORATE networks and not the individuals?

Re:WHY? (-1)

Anonymous Coward | about 2 years ago | (#39455803)

It doesn't say CORPORATE dumbass, it says COMMERCIAL. You know, all the stuff that lets YOU on the internet...

Re:WHY? (-1)

Anonymous Coward | about 2 years ago | (#39455841)

Because that's how fascism (corporate-government cooperation) works.

Re:WHY? (3, Informative)

bws111 (1216812) | about 2 years ago | (#39456413)

It says commercial, not corporate. The only reason the FCC (as part of the federal government) has any authority at all (constitutionally) is because of interstate commerce.

Take a step back and look. (5, Interesting)

Anonymous Coward | about 2 years ago | (#39455665)

Doesn't this mean that in order to detect the bots the ISPs must perform deep packet inspection, which everyone fought so hard against a few years ago?

Re:Take a step back and look. (2)

Em Adespoton (792954) | about 2 years ago | (#39456879)

Short answer: no.
All they need to do is monitor TCP and UDP on port 53 -- the traffic is all unencrypted and is by no means deep. In fact, they have to monitor this traffic for routing purposes already, so all they really need is a blacklist that triggers a notification script (which some ISPs --including Comcast-- already have in place).

What I'm afraid of is that ISPs will use this as an excuse to crack down on running your own DNS, or using a third party DNS (such as OpenDNS or GoogleDNS or not-in-my-repressive-countryDNS).
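The port-53 blocklist check described in the comment above, sketched as an added example (not code from the post or from any ISP): it reads the question name out of each UDP payload sent to port 53 and groups blocklist hits by subscriber so a notification step could act on them. The blocklist zones, addresses and packets are constructed, and `build_query`, `parse_qname`, `is_blocked` and `scan` are hypothetical names.

```python
import struct

BLOCKLIST = {"c2.example", "bad-updates.example.net"}  # constructed placeholder zones

def build_query(qname, txid=0x1234):
    """Build a minimal DNS query payload; used only to construct sample input."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = b"".join(bytes([len(l)]) + l.encode("ascii") for l in qname.split("."))
    return header + labels + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def parse_qname(payload):
    """Return the lowercased first question name of a DNS query, or None if unusable."""
    if len(payload) < 12:
        return None
    flags, qdcount = struct.unpack("!HH", payload[2:6])
    if flags & 0x8000 or qdcount < 1:  # QR bit set (a response) or no question
        return None
    labels, pos = [], 12
    while True:
        if pos >= len(payload):
            return None  # truncated before the terminating root label
        length = payload[pos]
        pos += 1
        if length == 0:
            return ".".join(labels)
        if length & 0xC0 or pos + length > len(payload):
            return None  # compression pointer or label running past the packet
        labels.append(payload[pos:pos + length].decode("ascii", "replace").lower())
        pos += length

def is_blocked(name):  # True if the name or any parent zone is on the blocklist
    parts = name.split(".")
    return any(".".join(parts[i:]) in BLOCKLIST for i in range(len(parts)))

def scan(flows):
    """flows: (subscriber_ip, dst_port, udp_payload) tuples -> {subscriber: [names]}."""
    hits = {}
    for src, dport, payload in flows:
        name = parse_qname(payload) if dport == 53 else None
        if name and is_blocked(name):
            hits.setdefault(src, set()).add(name)
    return {src: sorted(names) for src, names in hits.items()}

SAMPLE = [  # constructed sample traffic using documentation addresses
    ("198.51.100.7", 53, build_query("www.example.org")),
    ("198.51.100.7", 53, build_query("Beacon.C2.example")),
    ("198.51.100.9", 53, build_query("cdn.bad-updates.example.net")),
    ("198.51.100.9", 443, build_query("c2.example")),  # not port 53, ignored
]
```

Matching on the name means reading the UDP payload rather than only addresses and ports, and queries sent to a resolver over an encrypted transport never reach this check.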

Not really (0)

Anonymous Coward | about 2 years ago | (#39457487)

The definition of DPI [wikipedia.org] is a bit broad.
But for the most part it only applies once you extract/examine the data portion of a packet.

It's a step beyond what ISPs should really care about (just the source/destination IP) as now they have to monitor the port number as well.
But they still don't need to identify that the traffic is DNS, or what hostname the DNS request is for - so it probably falls outside the definition of DPI.

Re:Take a step back and look. (0)

Anonymous Coward | about 2 years ago | (#39457731)

IMO let them start with checking daily sites like http://www.projecthoneypot.org/

In my (long) experience: a lot of ISPs just don't give a flying fuck as long as they get paid and can get away with it.

Good. (5, Insightful)

heypete (60671) | about 2 years ago | (#39455737)

Much of the abuse I see on the internet (such as spam, port scans, SSH login attempts, etc.) is from bots.

Most of the individual users have no idea their computer is compromised, let alone any idea how to fix the problem. Having ISPs take a more active role in securing their networks and helping users secure their systems is a worthy endeavor.

This won't end well (1, Funny)

JustAnotherIdiot (1980292) | about 2 years ago | (#39455761)

end-user education to prevent bot infections

Dear user:

This email is to inform you that your internet service is being temporarily halted so you can be educated.
Oh, and don't worry, you'll still pay full price for the next 3 months you are without internet.

We know best,
AT&T

Windows....lol (-1, Flamebait)

Anonymous Coward | about 2 years ago | (#39455785)

I've got a better idea to stop botnets: ban Windows machines from the Internet and require everyone to use OS X, the only secure OS for the typical user. Also, make Linux illegal outside of servers and 99.9% of the criminals go away since it's only an OS for illegal hacking.

Brilliant! (2)

Shoten (260439) | about 2 years ago | (#39456277)

The focus is realistic (aiming at the US specifically, which is where most bot activity originates anyways) and measured. They don't prescribe specific draconian regimens, but instead offer approaches and support the use of as many as are feasible. But most of all it takes the approach of "this is good for all of us," and ensures that the measures described fit that as well. This is the kind of approach that works well for industry by providing guidance, goals and options so that businesses can tailor their methods to what works well within their own operational constraints.

Does this mean ISPs will also stop hijacking DNS? (2)

dexotaku (1136235) | about 2 years ago | (#39456411)

"They also recommend broader adoption of DNSSEC and the development of an "industry framework" to combat IP route hijacking."

Does this mean that ISPs will also stop hijacking DNS themselves? I choose to use OpenDNS partly because the local telco [MTS Allstream] does this.. in some cases, it's like OpenDNS where they'll catch a typo and suggest the actual intended site, but a lot of the time it's being served their advertising or redirecting you whoknowswhere without permission [even from major common well-reputed sites]. It's one thing to choose that as a service, it's another to get commercially-poisoned DNS forced down your throat by default.

Simple solution (-1)

Anonymous Coward | about 2 years ago | (#39456585)

99.9% of botnet traffic is from clueless Windows users. Simple rule: If your machine is sending botnet traffic, your connection is severed until you demonstrate that you either (A) installed a more secure OS, or (B) learned to secure the one you have.

Re:Simple solution (-1)

Anonymous Coward | about 2 years ago | (#39456715)

And what OS is more secure for (A), considering that more linux servers get hacked than windows servers?

Re:Simple solution (1)

allo (1728082) | about 2 years ago | (#39460505)

Simple calculation: there are a lot more Linux servers than Windows servers, but the percentage of Linux servers hacked is a lot smaller than the percentage of Windows servers hacked.

FCC == fail (3, Insightful)

gavron (1300111) | about 2 years ago | (#39457529)

The FCC has no juris[my]diction on anything to do with the Internet other than the inter-lata circuits it may use.
As to content, oversight, best practices, etc. they are not relevant.

Botnets aren't necessarily bad (think SETI at home). Cloud computing isn't bad. Encryption isn't bad.

You know what's bad? "Throttling", "N strikes", "watching your users' content". Those are all wrong.

E

DNSSEC (1)

nthwaver (1019400) | about 2 years ago | (#39458775)

DNSSEC implementation has been dismal so far, so it's great that people are agreeing to progress, but there's relatively little that ISPs can do, other than upgrading their caching nameservers. Most of the bottleneck is client software and zone administrators.

They screwed up on mine. (0)

Anonymous Coward | about 2 years ago | (#39458959)

I got a notification plus "containment" of my network by my ISP of my being infected by the "DNSChanger" virus.

The problem is that they incorrectly detected the virus on my network, so I was removed from the net based on a false positive detection.

This royally pissed me off. It didn't help that the actual detection was 1 1/2 days before the notice and immediate action on their part, so it gave me no way to respond and tell them they were wrong.

I have tried to contact the FBI (who CenturyLink blamed for the detection), and they are still giving me the runaround about it.

Erich Boleyn

Re:They screwed up on mine. (-1)

Anonymous Coward | about 2 years ago | (#39464041)

Penis whale
